OKX Security Special Edition | PoR Section: Understand the Exchange's "Health Report" in 5 Minutes

PANews

Don’t Trust, Verify.


When a black swan event occurs, major centralized exchanges rush to showcase their Proof of Reserves (PoR) reports. PoR is a cryptographic verification mechanism used to prove that the assets an exchange holds on-chain are sufficient to cover total user assets on a 1:1 basis. It provides transparency while protecting user privacy, and its primary purpose is to demonstrate that the exchange has not misappropriated user assets and is able to honor withdrawals.

The difference between exchange PoR and verification in traditional finance is that PoR is based on cryptographic proofs that can be publicly verified, so users can verify independently, whereas traditional audits rely on third-party sampling and reporting, leaving users to trust passively, with relatively limited transparency.

In theory, PoR is meant to reassure users, but currently only a few leading exchanges, represented by OKX, continue to release PoR reports monthly, while many others are in a state of "slacking off" or "stagnation." However, even a PoR report does not guarantee that the assets we hold on an exchange are completely safe. In other words, showcasing a PoR report does not equate to absolute safety; we still need to understand how each exchange performs in terms of PoR, which reflects the security level of different exchanges.

Blockchain expert Nic Carter has commented that OKX represents the highest quality of PoR among mainstream exchanges. Next, we will use OKX as a sample to discuss PoR from a deeper perspective: not just asking "Is there one?" but understanding how well it is done and what level of security OKX has.

Start with These Three Steps

Many friends open the PoR report and the first thing they see is a row of tables or data: BTC reserve rate 104%, ETH reserve rate 101%, USDT reserve rate 103%… Seeing that they are all above 100%, one might instinctively feel reassured: this platform should be quite reliable. But hold on, there are actually many hidden details in the PoR report, and just looking at the reserve rates is far from enough.

To quickly grasp the key points and risks of PoR, you can look at the following three main steps and ideas.

Step 1: Look at the Overview: Open the report and first find the total user assets, total platform liabilities, and reserve ratio. Different exchanges may have different terminologies; for example, OKX uses account assets and OKX wallet assets, but essentially they refer to the assets and liabilities between users and the exchange. Don’t just focus on the size of these numbers; instead, check whether the reserve ratio is equal to or greater than 100%. For instance, in the PoR released by OKX in April, the BTC reserve rate is 104%, which not only meets the daily withdrawal needs of users but also reserves redundancy, indicating a stronger risk resistance.

Step 2: Check the Details of the Coins: Not all coins are equally "stable." First, check whether mainstream coins (BTC, ETH, USDT, USDC, etc.) are included, as these coins usually account for a large portion of user assets and are core indicators of the exchange's liquidity, payment ability, and risk control level. Secondly, you need to click on the details of each coin to see if the total assets of the exchange match the total user assets. For example, if there are 10,000 USDT in the wallet and the total user assets are 9,000, then there is no problem. But if it’s the other way around, you need to be cautious about whether there have been abnormal withdrawals or a decline in the reserve ratio.

Step 3: Identify Common Tricks: To appear safe, some exchanges may orchestrate a "fund dispatch" through associated addresses and then transfer the funds back after the PoR is published, or create a large number of false "liability accounts" to reduce platform liabilities, proving payment ability at a certain moment only to revert in the next period. OKX uses zk-STARK technology and has made its code open-source globally, which effectively prevents the false "liability account" trick, and users can also verify for themselves to guard against such "PoR report image manipulation."

If you don’t have time to look at all the data in detail, it is recommended to focus on three key indicators:

  1. Is the reserve ratio consistently stable above 100%?

  2. Does it support user self-verification?

  3. Is the report updated regularly and does it cover mainstream assets and staked assets?

We must remember: The appearance of good PoR data is not the focus; the key is to understand the exchange's payment and security capabilities.

Focus on These Six Data Points

First, understand the most critical security data: Is the PoR above 100%? This is like putting money in a bank; the most basic requirement is that the bank must have enough money to return to you. This logic holds true for crypto exchanges as well. We need to see if the on-chain assets of the exchange can cover user account assets on a 1:1 basis; this ratio is known as the "reserve ratio" (PoR = platform assets / user assets × 100%).

Equal to 100%: Indicates that the platform holds just enough assets to cover user assets.

Above 100%: Indicates that the platform has sufficient funds for payment and a certain level of risk resistance. However, it is also important to note that a higher reserve ratio does not necessarily mean the exchange is safer; the two cannot be directly equated. For example, if the reserve ratio of a certain coin suddenly increases, it may be due to recent activities by the platform.

Below 100%: This is a red flag! It indicates that the assets held by the platform for that coin are insufficient to pay all users. A sustained level below 100% may mean the platform is experiencing a run on deposits or is deliberately concealing liquidity issues. Because of this, many platforms may experience report interruptions during such times, which itself is a risk signal.

Second, which coins does the PoR cover: Are all mainstream coins included? After all, our assets are not just concentrated in one coin; BTC, ETH, USDT, USDC, and other mainstream coins generally account for 80% to 90% of user positions. The number of coins covered by the PoR is an important indicator for assessing the transparency and asset management capability of the exchange. Taking OKX as an example, it has expanded from initially 3 coins to now publicly disclosing PoR for 22 coins, essentially putting the main user assets on display. Just BTC, ETH, USDT, and USDC alone account for over 66% of the platform's assets, and the 22 coins disclosed in the PoR account for over 90% of the platform's assets. This means that by looking at just these four coins, you can basically understand the safety of the chosen platform.

Third, the cleanliness of the reserves: the proportion of non-platform coin assets in total reserves, rather than relying on its own platform coin to "fill the gap." Cleanliness is an important dimension for measuring the quality of an exchange's assets. It directly reflects the true value, liquidity, and risk resistance of the reserves—only by maintaining sufficient reserves without relying on its own tokens can an exchange prove its true robustness. When evaluating the quality of an exchange's reserves, we can categorize "cleanliness" into two types:

Proving by individual coin—The exchange publishes PoR reports for each major coin (such as BTC, ETH, USDT, USDC, etc.) separately; as long as the reserve ratio for each individual coin is greater than 100%, it indicates that the coin has payment capability. Whether or not the platform's own coin is included does not affect the judgment of the payment capability of each mainstream coin.

Proving by total assets—The exchange combines all assets (including the platform coin) to provide an overall reserve ratio. In this method, if the platform coin makes up a high proportion, any decline in its price or liquidity could create a risk that the overall reserves cannot be redeemed, so it is crucial to pay special attention to the proportion of non-platform coin assets in total assets, which is the "cleanliness." Currently, most exchanges include their platform coins in the PoR. For example, OKX maintains a PoR above 100% for each individual mainstream coin, unaffected by OKB price fluctuations; if calculated by the latest overall asset method, its non-platform coin "cleanliness" is about 70%. This means that relying solely on the most liquid mainstream assets like BTC, ETH, USDT, and USDC can support over 70% of total user liabilities, truly achieving high transparency and risk resistance.

Fourth, another often overlooked point: the trend of reserve amounts for mainstream coins like BTC and ETH. A rising trend likely indicates that users or institutions have confidence in the platform's safety and liquidity. Recently, the reserve amounts of mainstream coins like ETH and BTC on OKX have shown an upward trend; for instance, as of April 7, 2025, the OKX PoR report shows that the number of ETH in accounts has increased from 1,556,932 on October 8, 2024, to 1,770,686, an increase of about 13.7%; BTC has risen from 126,082 on January 10, 2025, to 133,151, an increase of about 5.6%, indirectly reflecting user confidence in the platform's safety.

Fifth, the proportion of the Top 10 mainstream coins: Don’t let obscure coins dominate. The higher the proportion of the Top 10 mainstream coins, the healthier the PoR, as these assets have strong liquidity and stability, better supporting the platform's financial safety in extreme situations. According to various PoR reports, the current reserve structure of mainstream exchanges shows that the top 10 mainstream coins account for about 80% or more, while obscure coins are controlled at 10%–20%, resulting in a healthy overall asset structure that meets user expectations for high payment capability. For example, as of April 7, 2025, the total value of the Top 10 mainstream coins in OKX's PoR accounts for about 88.8%.

Sixth, the frequency of PoR report releases is also very important: Is it "occasionally showcased"? PoR reports typically reflect the asset status at a specific point in time. The higher the frequency of PoR releases, the harder it is for the exchange to conceal short-term liquidity or security risks. Since OKX first released its PoR at the end of 2022, it has consistently published reports monthly, with 30 consecutive issues as of April 2025. Meanwhile, each report is audited and verified by the blockchain security agency Hacken. This also explains why leading platforms like OKX repeatedly emphasize "monthly disclosure"—only high-frequency, reliable audit updates can truly enhance user confidence and maintain platform integrity.
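The per-coin reserve ratio, cleanliness and release-cadence checks described above can be run mechanically over a series of reports. The following is an added example, not code from OKX or from the original article; the report layout, the `PLAT` ticker, the USD prices and the 35-day gap threshold are assumptions, and all figures are constructed.

```python
from datetime import date

PLATFORM_COIN = "PLAT"   # hypothetical ticker for the exchange's own token

# Constructed reports, not real exchange data. Each coin maps to
# (wallet amount, account amount, assumed USD price used only for weighting).
REPORTS = [
    (date(2025, 1, 10), {"BTC": (104.0, 100.0, 90_000),
                         "USDT": (5_150_000, 5_000_000, 1),
                         "PLAT": (80_000, 75_000, 50)}),
    (date(2025, 2, 10), {"BTC": (103.0, 101.0, 90_000),
                         "USDT": (5_000_000, 5_100_000, 1),
                         "PLAT": (80_000, 75_000, 50)}),
    (date(2025, 4, 7),  {"BTC": (106.0, 102.0, 90_000),
                         "USDT": (5_300_000, 5_150_000, 1),
                         "PLAT": (80_000, 75_000, 50)}),
]

def reserve_ratio(wallet, accounts):
    """PoR = platform assets / user assets x 100%, computed per coin."""
    return wallet / accounts * 100

def cleanliness(coins, platform_coin=PLATFORM_COIN):
    """Share of total reserve value (USD) held in coins other than the platform coin."""
    total = sum(w * p for w, _, p in coins.values())
    non_platform = sum(w * p for c, (w, _, p) in coins.items() if c != platform_coin)
    return non_platform / total * 100

def screen(reports, max_gap_days=35):
    """Return findings: coins under 100% and gaps between consecutive reports."""
    findings = []
    previous = None
    for when, coins in sorted(reports, key=lambda r: r[0]):
        # An interrupted release schedule is itself a risk signal.
        if previous and (when - previous).days > max_gap_days:
            findings.append(("report_gap", previous.isoformat(), when.isoformat()))
        for coin, (wallet, accounts, _) in coins.items():
            ratio = reserve_ratio(wallet, accounts)
            if ratio < 100:
                findings.append(("below_100", when.isoformat(), coin, round(ratio, 2)))
        previous = when
    return findings

if __name__ == "__main__":
    for finding in screen(REPORTS):
        print(finding)
    print("cleanliness of first report: %.1f%%" % cleanliness(REPORTS[0][1]))
```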

When assessing the asset security of exchanges, we must link data across sources: rather than relying solely on the PoR reports published by the platform itself, we can cross-verify with multiple data sources to form a more comprehensive and objective judgment. For example, DeFiLlama's CEX Transparency module provides an overview of the on-chain asset reserves of major centralized exchanges, which can serve as an important external reference. Meanwhile, in Nansen's "CEX Token Flow" section, you can view real-time inflows and outflows of funds for exchanges including Coinbase and OKX, capturing on-chain fund dynamics.

Previously, there was a brief anomaly in OKX's asset data on DeFiLlama, which was later found to be due to address upgrades causing delays in third-party data capture. Such events remind us that while third-party platforms are independent, they are also limited by the timeliness and completeness of on-chain address recognition. Additionally, some small and medium exchanges show significant discrepancies between their PoR data and that of third-party on-chain monitoring platforms; if these discrepancies cannot be reasonably explained, further cautious investigation into their underlying causes is necessary.

PoR data cannot be interpreted in isolation, nor can one become complacent upon seeing numbers like "100%." Only by combining on-chain tracking, third-party platform verification, and the exchange's own public mechanisms can we make a more scientific judgment about asset security.

Small Tools for Users to Verify Exchange Data

The platform itself "showed" the PoR, but that does not mean it is absolutely trustworthy. When faced with the ultimate question of "Is the money you put in really there?" it is even more necessary for users to be able to verify. Taking the verification logic provided by OKX as an example, it only needs to prove two points: first, that the total user assets (account assets) are correct; second, that the total on-chain assets of the platform (wallet assets) are correct, ultimately deriving the "reserve ratio."

For example, if two users deposit assets into the exchange, one deposits 100U and the other deposits 200U, the platform's total liabilities would be 300U. The exchange's PoR needs to prove two things: that the total deposits of both users amount to 300U, and that the exchange's wallet indeed holds 300U.

Step 1: Verification of Total User Deposits. OKX uses a zero-knowledge proof algorithm called "zk-STARK" to prove and verify all OKX account assets held by the exchange. OKX takes a "snapshot" of all user accounts and applies "constraints" according to the "zk-STARK" algorithm. The first is the "total balance constraint," which requires the total amount of assets to equal the sum of account asset balances; the second is the "non-negative constraint," ensuring that there are no accounts with negative assets artificially inflating the balance; the third is the "inclusiveness constraint," which requires that no accounts are omitted.

Step 2: Verification of Exchange Wallet Assets. OKX has publicly disclosed a set of wallet addresses and signed a message with a private key stating "I am an OKX address," proving ownership of these addresses. Anyone can check the balances of these addresses on a blockchain explorer. By adding up these on-chain balances, the true total assets held by OKX can be obtained.

Whether it is the above three constraints or the verification of the exchange wallet assets, OKX not only provides detailed self-verification tutorials for users, allowing them to verify at any time (https://www.okx.com/zh-hans/proof-of-reserves), but also open-sourced the PoR code for the technical community to verify and use (https://github.com/okx/proof-of-reserves/releases/tag/v3.1.4).

The PoR Solution Itself Still Has Room for Iteration

OKX has been exploring safer underlying technological support to prevent PoR report data from being tampered with or forged. Since launching the standard Merkle Tree-based PoR in November 2022, OKX upgraded to the comprehensive Merkle Tree V2 in March 2023, and then in April 2023, it innovatively introduced its self-developed zk-STARK zero-knowledge proof, integrating the sum constraint, inclusiveness, and non-negative constraints, making the verification process lighter and open-source. Therefore, when evaluating any exchange's PoR report, in addition to focusing on the reserve ratio and user self-verification, one should also comprehensively consider its underlying technological implementation and evolution path to prevent overlooking potential tampering or audit loopholes based solely on data indicators.

Why upgrade to zk-STARK technology? Traditional Merkle tree proof solutions have vulnerabilities, leading to the possibility of CEX engaging in malicious activities. The Merkle tree is a common data structure, and when used for reserve proof, it hashes the balance of each account and organizes them into a tree structure to verify whether a certain account's balance is included in the total liabilities of the exchange. However, traditional Merkle trees have a key flaw: they cannot prevent negative value nodes. If a centralized exchange (CEX) wants to engage in malicious activities, it can create fake accounts and set the balances of these accounts to negative values, making the reserves appear to match the liabilities, even if they do not.
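An added illustration (not OKX's code) of the flaw described above and of the "non-negative constraint" from Step 1: a toy Merkle sum tree over the two depositors from the 100U/200U example plus one constructed negative-balance account. The account names, the leaf encoding and the `require_non_negative` flag are assumptions made for this example.

```python
import hashlib

def leaf(account, balance):
    """Leaf node: (hash committing to account id and balance, balance)."""
    return (hashlib.sha256(f"{account}:{balance}".encode()).digest(), balance)

def parent(left, right):
    """Inner node: commits to both children and carries the sum of their balances."""
    data = left[0] + str(left[1]).encode() + right[0] + str(right[1]).encode()
    return (hashlib.sha256(data).digest(), left[1] + right[1])

def build_levels(leaves):
    """Return all tree levels, leaves first; pads with zero-balance leaves."""
    level = list(leaves)
    while len(level) & (len(level) - 1):          # pad to a power of two
        level.append(leaf("padding", 0))
    levels = [level]
    while len(level) > 1:
        level = [parent(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def inclusion_proof(levels, index):
    """Sibling nodes from leaf to root, each tagged with whether it sits on the left."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify(account, balance, proof, root, require_non_negative):
    """Recompute the root from one user's leaf; optionally reject negative sums."""
    node = leaf(account, balance)
    for sibling, sibling_is_left in proof:
        if require_non_negative and (sibling[1] < 0 or node[1] < 0):
            return False
        node = parent(sibling, node) if sibling_is_left else parent(node, sibling)
    return node == root and not (require_non_negative and node[1] < 0)

# Constructed snapshot: the two depositors plus a fabricated negative account.
HONEST = [("alice", 100), ("bob", 200)]
WITH_FAKE = HONEST + [("ghost", -150)]

def demo():
    """Return (true liabilities, published liabilities, per-user (naive, strict) result)."""
    honest_total = build_levels([leaf(a, b) for a, b in HONEST])[-1][0][1]
    levels = build_levels([leaf(a, b) for a, b in WITH_FAKE])
    root = levels[-1][0]
    results = {}
    for i, (account, balance) in enumerate(HONEST):
        proof = inclusion_proof(levels, i)
        results[account] = (verify(account, balance, proof, root, False),
                            verify(account, balance, proof, root, True))
    return honest_total, root[1], results

if __name__ == "__main__":
    print(demo())
```

In this four-leaf tree the negative node lies on both users' paths, so a path-level sign check catches it; in a large tree only users whose paths touch the negative node would see it, which is why the non-negative constraint has to hold for every account rather than only for the users who check.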


zk-STARK uses advanced cryptographic technology, and the proofs generated are mathematically verifiable, allowing anyone to verify their correctness. Most importantly, zk-STARK does not require a trusted setup. A trusted setup refers to a special process in certain cryptographic systems (like zk-SNARK) that generates initial secret parameters, and after the trusted setup is completed, all initial secret parameters must be destroyed. If this initial secret parameter is leaked or manipulated, the security of the entire system may be compromised.

But zk-STARK avoids this risk; it is based on transparent cryptographic technology, and the entire process does not rely on any secret information or external trust, making it completely decentralized. Users do not need to worry about potential loopholes during platform operations or setups. zk-STARK provides a truly "trust-free" security guarantee and is currently the safest solution in PoR.

How does zk-STARK solve this problem? zk-STARK provides strong mathematical guarantees that can verify whether each account's balance is real and legitimate. There are no hidden negative value nodes; zk-STARK ensures that the net balance of all accounts is greater than or equal to zero. Furthermore, the total reserve amount cannot be manipulated; CEX cannot create a false appearance of matching reserves through data tampering. zk-STARK completely eliminates the vulnerabilities that traditional reserve proofs may have, truly ensuring the safety of user funds and preventing exchanges from maliciously deceiving users.

OKX's Continuous Leadership in Credibility and Transparency

In addition to adopting advanced zk-STARK zero-knowledge proof technology, OKX has also engaged the independent third-party auditing firm HACKEN for certification, providing users with additional trust assurance. Currently, Hacken's audit team verifies OKX's reserves monthly, ensuring that its on-chain assets fully cover user liabilities, meaning the reserve ratio is at 100% or higher, and they will publicly release audit reports that users can access at any time.

PoR is just one aspect of CEX security and cannot comprehensively prevent potential risks. When choosing a CEX, users should rely on the on-chain asset verification capabilities provided by PoR, as well as consider governance structure, liquidity, technical strength, and other factors comprehensively. OKX has built a more trustworthy security line through its consistently stable PoR release rhythm, industry-leading zk-STARK innovative technology, and collaboration with independent third-party audits, truly achieving transparency and verifiability for users.

With its continuously leading credibility and transparency, OKX is gaining the trust and choice of more and more users globally.

Don’t Trust, Verify.

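Disclaimer: This article represents only the personal views of the author and does not represent the position or views of this platform. This article is for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If any article or image published on this page involves infringement, please send the relevant proof of rights and proof of identity by email to support@aicoin.com, and the platform's staff will verify it.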
